Vermont State Security Breach Laws 

Definition of Personal Information: An individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or data elements are not encrypted or redacted or protected by another method that renders them unreadable or unusable by unauthorized persons:

(a) Social security number;
(b) Motor vehicle operator's license number or non-driver identification card number;
(c) Financial account number or credit or debit card number, if circumstances exist in which the number could be used without additional identifying information, access codes, or passwords; or
(d) Account passwords or personal identification numbers or other access codes for a financial account.

Summary: Any data collector that owns or licenses computerized personal information that includes personal information concerning a consumer shall notify the consumer that there has been a security breach following discovery or notification to the data collector of the breach. Notice of the breach shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of the law enforcement agency, or with any measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system.

Visit the state Web site